(Only usable if you use OMV with an HP Microserver Gen8 where you cannot boot from an ODD disk (connector) and inserted HDDs in RAID.) Today, a day before my holiday (Murphy's law), I noticed that suddenly a Samba share was not responsive anymore and that OMV was running in read-only mode.

A quick scan showed first a 2,5″ HDD failure (the disk where OMV is on) and a second scan showed that the USB flash drive with grub (this starts OMV) was not accessible anymore (probably caused by too high temperatures last week).

The RAID installation with 4 HDDs was expected to be ok.

So I grabbed a new flash drive and a new 2,5″ 500GB disk (I had those lying around especially for this purpose). A bootable SD card with OMV 4 was also present.

Mail in a Box (mailinabox) can back up its mail with rsync to a destination of your choice. When it was working but your target backup machine has been changed, Mail in a Box suddenly comes with the message: invalid literal for int() with base 10: ''

You checked, double checked your settings and they are all OK, but still the above message. The reason is that Mail in a Box keeps a record of the SSH host keys of the machines it connects to (in /root/.ssh/known_hosts) to protect itself:

messages like: WARNING: POSSIBLE DNS SPOOFING DETECTED! and

The ECDSA host key for [my.box.org]:22 has changed, and the key for the corresponding IP address [target.ip]:22 has a different value. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. Offending key for IP in /root/.ssh/known_hosts:7

Normally this is good behaviour, but now you need to fix this. It's easy with this command: ssh-keygen -f "/root/.ssh/known_hosts" -R "[my.domain.name]:port"
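
Added example, not part of the original post: the warning above names both the hostname entry and an "Offending key for IP" line, so the hostname and the IP form may each need removing. This script lists the matching known_hosts lines and prints one ssh-keygen -R call per pattern; the function names, nas.example.net, the IP 192.0.2.10 and port 5678 in the sample are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: list the known_hosts lines that pin a backup target, by
# hostname and by IP, then print the ssh-keygen -R call for each pattern.

# find_host_entries FILE PORT NAME...  ->  "LINE KEYTYPE PATTERN" per match
find_host_entries() {
    file=$1; port=$2; shift 2
    wanted=""
    for name in "$@"; do
        if [ "$port" = 22 ]; then
            wanted="$wanted $name"            # default port is stored bare
        else
            wanted="$wanted [$name]:$port"    # other ports: [host]:port
        fi
    done
    awk -v wanted="$wanted" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        {
            f = ($1 ~ /^@/) ? 2 : 1           # skip @cert-authority/@revoked marker
            if ($f ~ /^\|1\|/) { hashed++; next }   # hashed names: no text match
            m = split($f, hosts, ",")
            for (i = 1; i <= m; i++)
                if (hosts[i] in want) print NR, $(f + 1), hosts[i]
        }
        END { if (hashed) print hashed " hashed entries not checked" > "/dev/stderr" }
    ' "$file"
}

# removal_commands FILE PORT NAME...  ->  one ssh-keygen -R line per pattern
removal_commands() {
    find_host_entries "$@" 2>/dev/null |
        awk -v f="$1" '!seen[$3]++ { printf "ssh-keygen -f \"%s\" -R \"%s\"\n", f, $3 }'
}

# Constructed sample file; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed known_hosts sample
[my.box.org]:5678 ecdsa-sha2-nistp256 PLACEHOLDER_KEY_A
|1|PLACEHOLDER_SALT=|PLACEHOLDER_HASH= ssh-ed25519 PLACEHOLDER_KEY_B
[nas.example.net]:5678,[192.0.2.10]:5678 ssh-rsa PLACEHOLDER_KEY_C
my.box.org ssh-ed25519 PLACEHOLDER_KEY_D
[192.0.2.10]:5678 ecdsa-sha2-nistp256 PLACEHOLDER_KEY_E
EOF
}

sample=$(mktemp)
write_sample "$sample"
removal_commands "$sample" 5678 my.box.org 192.0.2.10
rm -f "$sample"
```

Before reconnecting and accepting the new key, compare its fingerprint with the one that ssh-keygen -lf prints for the host key file on the NAS itself (for example /etc/ssh/ssh_host_ecdsa_key.pub).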

Mail in a box (MIAB) has a backup feature available. It stores full and incremental backups on the mailserver and it is possible to store the backup also on another device through rsync. In my situation I am saving the data to an OpenMediaVault NAS.

Here I write my own: how I did it (quick and dirty because I expect you to know things).

In short: rsync over port 5678 to back up your data to the OpenMediaVault NAS.

Make sure you have a hostname available that rsync can connect to; the hostname must point to the IP where the OMV (OpenMediaVault) is connected.

Rsync over SSH is being used.

If you do not want to use port 22 with rsync, you need to modify /root/mailinabox/management/backup.py line 19: change -p 22 to -p 5678

Please note that it is not possible to use the ~/.ssh/config file, where you can add the port as well. The reason is that the verification process in backup.py needs a -p setting, which is not overridden by the config file.

The standard SSH port is 22; this we will change (i.e. port 22 is already in use towards another server).

In the router go to your port forwarding section and open port 5678 towards port 22 of your device (with OpenMediaVault).

MIAB and rsync need to have the full path where to store the backup. In my situation: /media/a925efd7-ada5-48b5-80e6-383cc6274bcd/Backup (the folder must be available and writable).

Make sure that a user can log in with SSH and can access OpenMediaVault.

MIAB provides a public key for the auto-login needed for rsync. This key must be available in OpenMediaVault. You can put the public key in ~/.ssh/authorized_keys or in the folder /var/lib/openmediavault/ssh/authorized_keys, where you create a file with the name of the user.

Within MIAB you can use the following from /root/mailinabox/: sudo management/backup.py --verify

To test if your public key is accepted, SSH from MIAB with the following command: ssh -p 5678 -i /root/.ssh/id_rsa_miab user@domain.name

If this is giving you a direct login to your OpenMediaVault NAS you can use Rsync ;)

This post is merely an overview of what I did to get my WLAN guests, who access the Internet through the hotspot feature of the USG and the Unifi controller, through a VLAN so that they are not part of my own private network (security).

This handout only applies when you own some gear of Ubiquiti. (I have also other hardware; here you might have to make some configuration as well. My situation is explained.)

1st: Create a guest network with VLAN100. Do this only if you have the USG. If you do not have a USG this does not apply, because the network part in the controller is for use with the Unifi USG router.

If you use “Guest” it is already isolated from your corporate LAN. Modify other settings like DHCP in this menu. This I do not explain.

Now make sure your SSID for your guests can be on a VLAN.

This is the most important part.

Notice: I have an US-8-150W. When creating a VLAN Guest network in the profiles part of the controller the ports will be configured automatically. As long as you have all profiles accepted on the ports, the VLAN will directly work if your AccessPoint is directly connected to the Unifi Switch.

In my situation I have 2 AccessPoints behind a smart switch and 1 AccessPoint connected to a dumb switch which is connected to the US-8-150W (all devices eventually come to the US-8-150W as the uplink is the USG Router).

A simple test towards the AP connected to the dumb switch is showing that the VLAN is working.

To have the VLAN100 working towards the other APs you need to tag the ports in other smart switches. In my situation 2 different TP-Link devices.

Tips for the TP-Link TL-SG108E: enable 802.1Q (no need to set the 802.1Q PVID setting).

In my example you see that port 1 and port 6 are tagged with VLAN 100. Port 1 is the uplink port towards the other switch (the Unifi switch) and port 6 is the port towards the AccessPoint.

Apply and save the configuration and your guests can access the guest portal over VLAN.

The TP-Link SG2216 is a business smart switch, so the screens are a little different.

Here you see the VLAN section of the SG2216 where I tagged port 16 (uplink port towards the Unifi Switch) and port 10 connected to the AccessPoint. Now this AccessPoint is also serving VLAN towards my Guests.

Maybe you wonder what will happen to your normal LAN clients when you enable or tag ports on VLAN100: your normal LAN is not tagged and the switches will forward your data normally.

Okay: machine 'I am behind a VPN' can be accessed locally at 10.1.1.20; with OpenVPN it is behind an external IP address, not mine. I set up a VPN to my local network: 10.10.10.50 is my IP when I am behind a VPN. When I try to access 10.1.1.20 it is not allowed, whereas other machines in the same network are OK. This is due to the OpenVPN connection being active (when disabling OpenVPN, then all is OK), so I am trying to allow the remote VPN to access the machine.

Make sure that there is a connection with your "Master Kodi": create a Samba link in /etc/fstab, for example:

//192.168.1.115/Userdata/ /media/kodi cifs guest,uid=1000,iocharset=utf8 0 0

Now the thumbnails can be saved correctly.

A number of Windows 2008 server installations were designed to have 1 disk with 100GB divided into 50GB C and 50GB D. Unfortunately 50GB is too little if you run a server and want to apply all patches. (Previously downloaded patches are kept in a 'storage' and cannot be deleted, finally consuming a lot of HDD space.)

To solve this: add a DATA DISK to the instance in Cloudstack. Please note: the DATA DISK will not be found, seen or identified automatically by the Windows Server.

Through the management panel within Cloudstack you need to attach an ISO: VIRTIO (Leaseweb does provide this).

Within the Device Manager a SCSI device has been found, but no drivers can be applied; therefore you need to attach the ISO so that the VIRTIO drivers can be applied to your machine.

Now the drive will become available and you can format etc..

To expand the C drive: remove all data from the partitions/drives not needed (D, E etc.). You can also copy the content to the new DATADISK you now have.

By default, through the DISK MANAGER (under Server Manager) you CANNOT expand the root / boot disk. You can try all kinds of freeware stuff: no go, it will all point you to a version you have to pay $$ for.

The solution is to use DISKPART. As Administrator open a CMD window and enter:

Now important: if you do reboot this way, you will not see your datastores anymore, only your NFS datastores (in my situation). This is caused by VMware ESXi, as it will be using the vmw_ahci driver for the datastore.

So disable the usage of this 'default' driver: esxcli system module set --enabled=false --module=vmw_ahci

Yesterday and today I tried to upgrade my HP Microserver Gen8 from VMware ESXi 6.0.0 to 6.5. What a trouble ..

Steps: shut down all VMs (hosts) and enter maintenance mode. If you do this there are a number of online blogs with help to install from online depots, but in all my tests it was too slow or I was too impatient to wait for it to end. But in the end I always ended up with a system with errors:

the transaction is not supported: VIB Hewlett-Packard_bootbank_scsi-hpvsa_5.5.0-88OEM.550.0.0.1331820

Do not try to force the installation. You will end up with a system where it seems that your ESXi is updated to 6.5 but actually it is running in a ramdisk environment. Easy to see because you have lost your datastores (NFS datastores are still mounted).

If you then reboot, you are back to 6.0.0 .. so how to solve this:

Easy: when entering maintenance mode, reboot your machine. In many guidelines this part is not mentioned.

After I rebooted I first tried the online depot installation documentation but ended up waiting and waiting. I got a VMware image for update from VMware but I got all kinds of different issues again:

"The upgrade contains the following set of conflicting VIB". When using the standard image of VMware: many conflicting VIBs, a no go for me. So I read some blogs and I found out that it is best to keep using your HPE image VMware files. (So in short: if you used the HPE VMware ESXi ISO when installing ESXi onto your HP Microserver Gen8, keep using the update files with HPE in it and not the plain VMware ones. It can give issues!)

After I used the HPE image I only got 1 issue: one VIB was still complaining. On this blog I read what I needed to do: remove this VIB (partner supported, so not native).

After removing this VIB I could upload the various ZIP bundle files like